Firewall block all rules
hello my rules are:
Proto Source Port Destination Port Gateway Schedule Description * * * * * * Block WAN ALL TCP/UDP * * * 6666 * OpenVPN TCP/UDP * * * 3333 * NAT Squid Port Forward TCP/UDP * * * 110 * Allow WAN POP TCP/UDP * * * 995 * Allow WAN POP SSL TCP/UDP * * * 143 * Allow WAN IMAP TCP/UDP * * * 993 * Allow WAN IMAP SSL TCP/UDP * * * 25 * Allow WAN SMTP TCP/UDP * * * 465 * Allow WAN SMTP SSL TCP/UDP * * * 587 * Allow WAN SMTP TLS TCP/UDP * * * 21 * Allow WAN FTP UDP * * * 123 * Allow WAN NTP ICMP * * * * * Allow Ping TCP * * * 4804 * Allow BunkerTV Radio TCP/UDP 192.168.10.25 * * * * Allow Only Lafoffice01
why blocked me the firewall?
i am client 192.168.10.25
thanks for help!
Are thees rules are under Firewall->Rules->WAN tab?
I have similar problem. I want block all traffic from wan and just allow some things. In my case I think there is problem with (Block private networks and Block bogon networks) checkboxes under Interfaces->Wan tab!
yes i agree with your last point, but i have disable this point of blocking! (disabled: block bogon networks)
my first block rule = block all
and the last should agree me in, but all is block …. why?
i have this rule for LAN and WAN
first block any any any any
and last rule set for an client ip tcp/udp all free
but the client cant connect to anything!!! :(
what make i wrong?
(have i to set all protocol for 192.168.10.25 - that this client can access?)
how you realized that no other can access but your network??????
thanks for helping me!
1.) Try use TCP not TCP/UDP on that kind ports like POP,SMTP,FTP,etc.
2.) Allow thees ports on Firewall->Rules->LAN tab and remove them from WAN tab, for wan only set BLOCK rule for all ports and maybe later some other things like HTTPS management over your router.
And maybe take a look on this page: http://doc.pfsense.org/index.php/Example_basic_configuration
Best wishes, Janis!
jammcla last edited by
Remember that rules are resolved top down. So rules that are at the top will take priority over the ones at the bottom of the list.
cool this are very good news!!
and this tutorial for outbound lan rules are very good, gives this for wan?
have i only set for wan http, https????
what is with imap and pop3, smtp ??? only in lan rules?!
thanks for helping me and understanding pfsense ;)
I can show how I do that, I actually don`t know if this is right, but I have like:
In LAN -> ALLOW FROM LAN SUBNET TO Destination PORT -> HTTP, HTTPS, POP, SMTP, SSH, ftp and so on.
In WAN -> ALLOW Management from wan (HTTPS) from specified IP and THEN BLOCK ALL rule. And I`m planing here put more rules for port forwarding.
but why to set internet rules in lan interface?
wan has access to internet....
can you explain me?
1.) When you don`t have any firewall rules under LAN interface, then all is blocked from LAN interface. Looks like no rules in LAN (then all is blocked in LAN).
2.) Actually, I don
t know. But I think its good to do it in LAN interface if you use multiple LAN interfaces. Example you have LAN1(192.168.1.1/24) and LAN2 (192.168.10.1/24) and you want allow mail (POP and SMTP) ports only on LAN2 interface.
t take my serious, because, I just tested and discovered this all :) So im not a big expert on this :)
CeilingKitten last edited by
The rules take a priority from the TOP to the bottom, so Block * WAN * will refuse any allows that appear after it to fix this, move your block statement to the very bottom of your list, and all will be fixed.
Change your rules to look like this.
TCP/UDP * * * 6666 * OpenVPN
TCP/UDP * * * 3333 * NAT Squid Port Forward
TCP/UDP * * * 110 * Allow WAN POP
TCP/UDP * * * 995 * Allow WAN POP SSL
TCP/UDP * * * 143 * Allow WAN IMAP
TCP/UDP * * * 993 * Allow WAN IMAP SSL
TCP/UDP * * * 25 * Allow WAN SMTP
TCP/UDP * * * 465 * Allow WAN SMTP SSL
TCP/UDP * * * 587 * Allow WAN SMTP TLS
TCP/UDP * * * 21 * Allow WAN FTP
UDP * * * 123 * Allow WAN NTP
ICMP * * * * * Allow Ping
TCP * * * 4804 * Allow BunkerTV Radio
TCP/UDP 192.168.10.25 * * * * Allow Only Lafoffice01
* * * * * * Block WAN ALL